This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.5

Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.2

Ubuntu 8.10: quagga 0.99.9-6ubuntu0.1

Ubuntu 9.04: quagga 0.99.11-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs. An authenticated remote attacker could exploit this flaw to cause bgpd to abort, leading to a denial of service.